Re: [dane] Digest Algorithm Agility discussion

Viktor Dukhovni <viktor1dane@dukhovni.org> Sun, 23 March 2014 19:57 UTC

Date: Sun, 23 Mar 2014 19:57:17 +0000
From: Viktor Dukhovni <viktor1dane@dukhovni.org>
To: dane@ietf.org
Message-ID: <20140323195717.GA13649@mournblade.imrryr.org>
In-Reply-To: <20140323192557.7716111B342A@rock.dv.isc.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/nWL06ulZHnj6HHF3uG1mNLm9AFs

On Mon, Mar 24, 2014 at 06:25:57AM +1100, Mark Andrews wrote:

> > Site A only publishes SHA1 entries.  Would rather do unauthenticated TLS
> > than trust SHA1?
> 
> You left out - report and refuse to send until fixed.

Broken is not a binary state.  Before previously reasonably sound
algorithms are fully broken, they are first tarnished, and our
confidence in their strength begins to fray.

Refuse to send is a strong reaction, when an algorithm is only
tarnished, with no known practical attacks, but known signs of
weakness.  Have you disabled RC4 in your browser yet?  If not, your
rather principled stand is "do as I say, not as I do".

> > Site B publishes both SHA2-512 and SHA1 entries.  Would you still want
> > to trust SHA1?
> 
> Once you decide SHA1 is not acceptable you ignore the records with SHA1
> hashes.

A flag day one can sensibly avoid by incrementally phasing out
(hypothetically) SHA1 as servers publish stronger records that include
(hypothetically) SHA1, to accommodate weaker clients, in addition to stronger
digests.

> Publishing new hashes is trivial and will remain trivial.

Flag days remain a major deployment problem.

> Once an algorithm has reached the state where you don't trust it for a
> purpose you don't use it for that purpose.

That's fine, except at Internet scale.  Windows 2003 servers still
top out at RC4-SHA1, and at least Exchange 2003 has a broken 3DES
implementation.   Many server operators only enable RC4 for
performance reasons.

When exactly should you or I disable RC4-SHA1 support?  Fortunately,
in TLS, cipher suites are negotiated.  I am trying to do the same
for DANE.

-- 
	Viktor.
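As an added example, not code from this thread or from any DANE implementation, here is the client-side selection the message argues for: within each (usage, selector) group a client uses only the strongest digest it supports, so Site A's SHA1-only records still verify while Site B's SHA1 record is never consulted, and dropping SHA1 later is a one-line client policy change rather than a flag day. This is the rule later specified as digest algorithm agility in RFC 7671, section 8. The private-use matching type 255 standing in for the hypothetical SHA1 records, the certificate bytes and both sites' RRsets are constructed for this example.

```python
import hashlib
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

class TLSA(NamedTuple):
    usage: int      # certificate usage (RFC 6698); 3 = DANE-EE in the samples below
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo
    matching: int   # matching type, see DIGESTS
    data: bytes     # digest carried in the record

# Digest matching types this client supports, strongest first (client policy).
# 1 = SHA2-256 and 2 = SHA2-512 are the RFC 6698 values; 255 (private use) is a
# constructed stand-in for the thread's hypothetical SHA1 records, as no such
# IANA matching type exists. Full(0) records are not digests and are left out.
SHA1_HYPOTHETICAL = 255
DIGESTS = {2: "sha512", 1: "sha256", SHA1_HYPOTHETICAL: "sha1"}
DEFAULT_ORDER = [2, 1, SHA1_HYPOTHETICAL]  # delete an entry once trust in it is gone

def usable_records(rrset: List[TLSA], order: List[int] = DEFAULT_ORDER) -> List[TLSA]:
    """Digest agility: per (usage, selector) group keep only the strongest matching
    type this client supports; weaker digests are ignored only when a stronger one exists."""
    groups: Dict[tuple, List[TLSA]] = defaultdict(list)
    for rr in rrset:
        if rr.matching in order:
            groups[(rr.usage, rr.selector)].append(rr)
    kept = []
    for recs in groups.values():
        best = min(order.index(r.matching) for r in recs)
        kept.extend(r for r in recs if order.index(r.matching) == best)
    return kept

def match(rrset: List[TLSA], assoc: Dict[int, bytes],
          order: List[int] = DEFAULT_ORDER) -> Optional[TLSA]:
    """assoc maps selector -> DER bytes (0: certificate, 1: SPKI). Returns the
    record that verifies, or None when no usable record does."""
    for rr in usable_records(rrset, order):
        if hashlib.new(DIGESTS[rr.matching], assoc[rr.selector]).digest() == rr.data:
            return rr
    return None

# Constructed sample input standing in for a server certificate's DER bytes.
CERT = b"constructed DER bytes for the example server certificate"
ASSOC = {0: CERT}

def site_a() -> List[TLSA]:  # publishes only the hypothetical SHA1 record
    return [TLSA(3, 0, SHA1_HYPOTHETICAL, hashlib.sha1(CERT).digest())]

def site_b() -> List[TLSA]:  # SHA2-512 plus a stale SHA1 record kept for old clients
    return [TLSA(3, 0, 2, hashlib.sha512(CERT).digest()),
            TLSA(3, 0, SHA1_HYPOTHETICAL, hashlib.sha1(b"previous cert").digest())]
```

Passing `order=[2, 1]` to `match` models the day the client stops trusting SHA1: Site B keeps verifying through its SHA2-512 record, while Site A becomes unverifiable and is the operator that needs to be told to publish stronger records.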